Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Financial Records of Millions At Risk After Computershare Insider Copies Data To USB… Then Loses The USB

Computershare, the investor services firm, has filed suit against a former employee it charges with making off with thousands of pages of proprietary company documents, including information on shareholder names, account numbers and financial holdings.

Computershare, the investor services firm, has filed suit against a former employee it charges with making off with thousands of pages of proprietary company documents, including information on shareholder names, account numbers and financial holdings.

The company warned that the data, which was illegally copied from the former employee’s company laptop to a USB drive, which was subsequently lost, could put the “privacy and financial record of millions of shareholders” at risk.

The complaint, filed in February in Federal Court for the District of Massachusetts, alleges that Kathyann Pace violated the Federal Computer Fraud and Abuse Act (CFAA) when she absconded with the data after tendering her resignation from Computershare in September, 2010.

Pace, a Massachusetts resident who worked as an internal risk management auditor in Computershare’s Canton, Massachusetts office, failed to surrender her company-owned laptop for close to a month following her resignation, Computershare ordered a forensic examination of the device once it was returned.

The forensic examination revealed that Pace had copied thousands of pages of sensitive information to two portable USB drives shortly before the laptop was returned. The sensitive data included documents detailing computershare’s business and operational processes for the company’s U.S. business lines, descriptions of internal risk management efforts and controls, audit findings and resolutions, as well as e-mail messages including attachments with personal information on an unknown number of Computershare customers.

The lawsuit was initially filed to force Pace to return the stolen data. However, soon after filing the suit, Pace told her former employer that she could not locate the USB drives she had copied the data onto.

Ultimately the company was able to examine Pace’s personal electronic devices, including another USB drive and an iMac. That investigation determined that she had, indeed, copied the sensitive data to her iMac and the USB drive, and had used the USB drives she claimed to have lost just a day before she signed an affidavit claiming she could not locate them. In March, 2011, Computershare purged the two devices of company data and filed an amended civil complaint seeking recovery of legal fees and including a non-disclosure agreement that would prevent Pace from using or disclosing the information stored on those drives, given that Computershare couldn’t prove that Pace did not still possess them.

"Any competent tech person would never be caught in this situation, it's sad...but it's reality."

With 5 and 8 Mega pixel camera standard on most smart phones someone could easily capture anything. If they are smart then use a spy camera type app and people even looking at the screen of the phone would still have no idea what was going on.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.